Scaling Network Security

By Mike Rothman

Existing network security architectures, based mostly on preventing attacks from external adversaries, don’t reflect the changing dynamics of enterprise networks. With business partners and other trusted parties needing more access to corporate data, and most application traffic encapsulated in standard protocols (ports 80 and 443), digging a moat around your corporate network no longer provides the protection your organization needs. Additionally, network speeds continue to increase, putting a strain on inline network security controls that must scale at the same rate as the networks.

Successfully protecting networks requires you to scale network security controls while enforcing security policies flexibly. Applying context to the security controls used for each connection ensures proper protection without adding undue stress to the controls. The last thing you can afford to do is compromise security in the face of increasing bandwidth.

The scaled network architecture involves applying access control everywhere to make sure only authorized connections have access to critical data and implementing security controls where needed, based on the requirements of the application. Moreover, security policies need to change as networks, applications and business requirements change, so the architecture needs to adapt without requiring forklift upgrades and radical overhauls.

This Scaling Network Security paper looks at where secure networking started and why it needs to change. We present requirements for today’s networks which will take you into the future. Finally, we go through the architectural constructs we believe can help scale up your network security controls.

We’d like to thank Gigamon for licensing the content. It’s the support of forward-thinking companies that use our content to educate their communities that allows us to write what you need to read. As always, our research is done using our Totally Transparent research methodology. This allows us to do impactful research while protecting our integrity.

About

Securosis is an information security research and advisory firm dedicated to transparency, objectivity, and quality. We are totally obsessed with improving the practice of information security. Our job is to save you money and help you do your job better and faster by helping you cut through the noise and providing clear, actionable, pragmatic advice on securing your organization.